#!/bin/bash
set -e

# This entrypoint handles volume permissions for the LDR container.
# Docker volumes are created with root ownership, but we need them
# accessible to the ldruser (UID 1000) that runs the application.

echo "Setting up /data directory permissions..."

# Create required subdirectories under /data if they don't exist
mkdir -p /data/logs
mkdir -p /data/cache
mkdir -p /data/research_outputs
mkdir -p /data/encrypted_databases

# Set permissions to 700 (owner-only access for security)
chmod 700 /data/logs
chmod 700 /data/cache
chmod 700 /data/research_outputs
chmod 700 /data/encrypted_databases

# Fix ownership of /data and all subdirectories
# This is safe because we're still root at this point (before USER directive takes effect)
chown -R ldruser:ldruser /data

# Create matplotlib cache directory for ldruser
echo "Setting up matplotlib cache directory..."
mkdir -p /home/ldruser/.config/matplotlib
chown -R ldruser:ldruser /home/ldruser/.config
chmod -R 700 /home/ldruser/.config

echo "Starting LDR application as ldruser..."

# Switch to ldruser and execute the command
exec gosu ldruser "$@"
